I am studying for my OSCP. I have my challenge exam coming up soon. I have run out of lab time. To pass the challenge I feel I may need some more experience in SQL injection and creation of exploits.

Could anyone advise me where I can find a few tutorials for the creation of exploits? I would like the tutorial to be with current or easy-to-find software that is freeware/shareware. I say this as the example in the OSCP used software that is superseded and also not freeware/shareware.

The main parts of the SQL injection I would like to practice are command injection and gaining shell. Also, could someone please tell me how I could practice SQL injection? My guess is I would have to create the database that allowed SQL injection to be performed on, and then practice on that.

Hello, I'm not sure about exploit creation, but for SQL injection you could use a tool that I developed last year. 'Damn Vulnerable Web App' is a deliberately insecure web application that allows you to 'train' on. However, I'd also like to point out that there are other apps out there that do the same and in some cases better.

I believe you can download some extra software to exploit from the offsec forums.

As for tutorials on exploits, there are several videos in this forum as well as on the offsec forum taking you through the process of exploit development and bypassing different issues (i.e. pop pop ret).

I am taking the OSCP challenge this Friday, May 29, 2009. I did 6 out of the final 7 challenges (for those OSCP grads, you probably know which is the one I could not pwn). I am looking for any hints some could give me on what to focus my studies. I'd appreciate any tips you can give me...

I think if you applied yourself during the course you should be fine. Also, by doing the extra credit questions you will have some bonus points to go towards your exam (should you need it). There are plenty to be had throughout the course.

The exam can be a full 24 hours, so get plenty of rest and happy hacking!!